[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Eric Marden wp at xentek.net
Sat Nov 14 07:53:25 UTC 2009


On Nov 12, 2009, at 5:26 PM, Ken Newman wrote:

> Perhaps he meant that the plugin would change that .htaccess setting  
> or add the one you suggested:
>
> RemoveHandler application/x-httpd-php .php
> <FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
>   SetHandler application/x-httpd-php
> </FilesMatch>
> <FilesMatch "\.phps$">
>  SetHandler application/x-httpd-php-source
> </FilesMatch>

That's exactly what I meant. :)

- Eric Marden
__________________________________
http://xentek.net/code/wordpress/
tw: @xentek






More information about the wp-hackers mailing list